nullism / pycnic Goto Github PK

I think it would be usefull to add gunicorn in install_requires,
in your example you use :
gunicorn file:app
but basic user do not know where gunicorn come from.

I was using curl to try the full-auth.py example.

I ran /login successfully, which gave this response:

HTTP/1.0 200 OK
Date: Tue, 16 Feb 2021 06:49:09 GMT
Server: WSGIServer/0.2 CPython/3.8.5
Content-Type: application/json
Set-Cookie: session_id=c14138a45dce834f08e476522a00d605c55ace6a; path=/; 

{"message": "Logged in", "session_id": "c14138a45dce834f08e476522a00d605c55ace6a"}

I then tried to run /home by copying and pasting the entire cookie string to curl:

curl -i -X GET http://localhost:8080/home --cookie "session_id=c14138a45dce834f08e476522a00d605c55ace6a; path=/;"

The result was an error:

HTTP/1.0 500 Internal Server Error
Date: Tue, 16 Feb 2021 06:49:46 GMT
Server: WSGIServer/0.2 CPython/3.8.5
Content-Type: application/json

{"error": "Internal server error encountered."}

It turns out that the error is because of the trailing semicolon in the cookie string. (I shouldn't have pasted the path= part either, but the trailing semicolon is what breaks it.)

Traceback (most recent call last):
  File "/home/josh/.local/lib/python3.8/site-packages/pycnic/core.py", line 235, in __iter__
    resp = self.delegate()
  File "/home/josh/.local/lib/python3.8/site-packages/pycnic/core.py", line 308, in delegate
    output = func(*args)
  File "full-auth.py", line 33, in wrapped
    if not get_user(args[0].request):
  File "full-auth.py", line 14, in get_user
    sess_id = request.cookies.get("session_id")
  File "/home/josh/.local/lib/python3.8/site-packages/pycnic/core.py", line 124, in cookies
    cname, cvalue = cookie_line.strip().split('=', 1)
ValueError: not enough values to unpack (expected 2, got 1)

A malformed cookie header shouldn't result in a server error. Pycnic should either silently ignore the trailing comma, or it should return 400 Bad Request.

Hi,

So I have the very basic example on your website setup with the simple get method and the root route. Running it with gunicorn using the following command works perfectly:

gunicorn quote:app -b :9005

But using uwsgi, I get an invalid request block size so I expand increase the max block size and run the following:

uwsgi --socket 127.0.0.1:9005 --module quote:app -b 32768

uwsgi seems to run fine but I keep getting empty responses. With gunicorn I was able to retrieve the data correctly from the same request.

Any ideas?

THere's a problem with the top menu on the pycnic docs website.

The class .top-menu has overflow: hidden set, which hides the dropdown from the "Docs" submenu. Removing overflow: hidden from that class fixes the issue.

Tested in latest Safari and Chrome on Mac OS X.

Looks like there's some certificate issue with the documentation host. As this is a regression, I didn't proceed past the SSL security prompt.

According to jonashaag/bjoern#118, QUERY_STRING cannot be assumed as part of the incoming environment.

Request.args and Request.json_args should assume QUERY_STRING="" when it is not present in the environment.

Example application:

from pycnic.core import WSGI, Handler

class Hello(Handler):
    def get(self):
        name = self.request.args.get("name", "Pycnic")
        return {"msg": "Hello, %s!" % (name)}

class app(WSGI):
    routes = [("/hello", Hello())]

if __name__ == "__main__":
    import bjoern
    bjoern.run(app, "127.0.0.1", 8000)

When run, requests to http://localhost:8000 err:

'QUERY_STRING'
Traceback (most recent call last):
  File "/XXXX/lib/python3.8/site-packages/pycnic/core.py", line 237, in __iter__
    resp = self.delegate()
  File "/XXXX/lib/python3.8/site-packages/pycnic/core.py", line 310, in delegate
    output = func(*args)
  File "app.py", line 6, in get
    name = self.request.args.get("name", "Pycnic")
  File "/XXXX/lib/python3.8/site-packages/pycnic/core.py", line 81, in args
    qs = self.environ["QUERY_STRING"]
KeyError: 'QUERY_STRING'

I'm new to python so not sure if i'm missing something. In the below code when i print the result variable i get the proper output but when i try to return the result i just get this "error": "An unhandled exception occurred during response". i know i should use get but using post since i need to send data which il do later on..

def post(self):
        url = self.request.environ['PATH_INFO']
        urlarray = url.split('/')
        if urlarray[3]:
            result = db.colletion.find_one({"_id": ObjectId("%s"%(urlarrary[3]))})
        print(result)
        return result

Hello.
How I can add additional params HttpOnly and Secure in self.response.set_cookie?
Now ";" replaced in set_cookie function and I can't do it.

def set_cookie(self, key, value, expires="", path='/', domain=""):
        value = value.replace(";","") # ; not allowed
        if expires:
            expires = "expires=%s; "%(expires)
        if domain:
            domain = "Domain=%s; "%(domain)
        self.cookie_dict[key] = "%s;%s%s path=%s"%(value, domain, expires, path)

May be add two new function args Secure=False, HttpOnly=False?

The response headers are shared between requests.

If I do self.response.set_header('x-foo', 'bar') on request one, and don't set it in request two, the header is still present in the response to request two.

Using environ like this ?

query_string = self.request.environ["QUERY_STRING"]
variables = dict(urllib.parse.parse_qsl(query_string))

Is there a better way to do this?

Hi,
I'm having trouble to enable CORS in one simple pynic script. The front-end sends OPTIONS and seems Pycnic block it so the API stops working.

Thanks.